A Flaw In Slack, The Group Messaging App That's Going Viral In Silicon Valley, Exposes The Names Of Chat Rooms To Anybody
When using the Slack client for Mac, Sai discovered that you can visit Slack.com, enter a fake email address with any real company domain (like Apple.com, Google.com, etc.), and you can see all of the internal Slack teams associated with that company.
You can't enter the Slack rooms, but you can see the names of the rooms. As Sam Biddle at Valleywag points out:
Sure, you can't actually join the teams, or see what channels exist within them, or read a single letter that's been exchanged. But I now know there's a Slack team at Google called "Tribe Wearables"-does that mean they acquired this company? Even if this isn't sensitive information, it's still information-and that's not what people are paying Slack to do.
In some cases, performing this maneuver lets you see what these companies are working on. Check it out:
And The New York Times:
And The Wall Street Journal:
And last but certainly not least, Slack:
You can try this with basically any company you can think of - Slack is particularly hot among Silicon Valley startups.
We've reached out to Slack for comment, and the company said it would get back to us shortly.
- Hackers are using a new fake chatbot trick to steal your data — here’s how to keep yourself safe
- Google's Imagen can use text to make images, paintings, CGI renders using AI — here are some pictures
- New India Assurance net profit drawn down by huge operating loss in the health insurance segment
- LG’s rollable OLED TV finally debuts in India, priced at ₹75 lakhs
- Best water purifiers to buy in India